Solved

Browser Hijacker

  • 28 October 2012
  • 61 replies
  • 914 views



Userlevel 7
@ wrote:
Just updated my flash using the addons page in FF, went through as per normal, except that WSA says it's not approved!!
Is that because it's too new?
Download and install from here: http://www.adobe.com/products/flashplayer/distribution3.html
 
And much more info here: https://community.webroot.com/t5/Security-Industry-News/Adobe-Flash-Player-12-0-0-77/td-p/88640
 

Daniel
Userlevel 7
Hi GettinBetter
 
Would you be able to clarify what you mean by "not approved"?  Has something been quarantined or set to 'Block' or 'Monitor'?
 
Regards
 
 
Baldrick
Userlevel 7
@ wrote:
Yeah, Cheers for that little pearl Baldrick 😃, I have now submitted a support ticket. Not sure I qualify though, I only have the trial version, but this could be a turning point as far as my security software goes. I've been with ESET for years, but only because they were the only ones doing 64 bit software at the time.
 
I was a Big NOD32 user fan and had Prevx running with it, and found out I didn't need NOD32 as Prevx was protecting much better. Prevx was acquired by Webroot in Nov 2010 and made much better and with more features, and you can't beat the Cloud as it's the future and it's here now! Only a 745kb installer, 3 to 6MB of RAM, and all the work is done in the Cloud!
 
Daniel ;)
 

Userlevel 1
Just updated my flash using the addons page in FF, went through as per normal, except that WSA says it's not approved!!
Is that because it's too new?
Userlevel 7
:D I'm just going to follow friends on the community and add kudos....Learning everyday...
 
 
Userlevel 7
Hi GettinBetter
 
I am sure that you qualify, even on a trial license, after all...they will want to make you a happy punter, I am sure...and what better way to convince than with great support...which is what the Webroot Support Team are renowned for...amongst those who know.
 
Do keep us posted re. your experiences...and whether you decide to stick with WSA.
 
Regards
 
 
Baldrick
Userlevel 1
Yeah, Cheers for that little pearl Baldrick 😃, I have now submitted a support ticket. Not sure I qualify though, I only have the trial version, but this could be a turning point as far as my security software goes. I've been with ESET for years, but only because they were the only ones doing 64 bit software at the time.
 
Userlevel 7
Hi GettinBetter
 
So DON'T click on it.  http://www.emotiyou.com/galerie/films/animation/moi-moche-mechant/minions/201310250040YAU.gif
 
At this point it is worthwhile making sure that you are in possession of all the words of wisdom expounded in this thread so far, and that you may have missed (apologies if you have not...but thought it best to make sure...;)).
 
If you have not yet seen them then please see Daniel's wise words in this previous post...in case it can be of assistance.
 
Regards
 
 
Baldrick
Userlevel 7
If you feel you're infected, please Submit a Support Ticket and they can look at your Scan log and help you remove anything, even PUAs.
 
Cheers,
 
Daniel 😉
Userlevel 1
Wow! The concept's the same.....
Get the user to install an addon of some description, then redirect... mm.... suppose that's how they all work really.....
except mine tries to get me to install 'flash'. Obviously it's NOT flash, but god knows what it will do if I click on it!!!!
Userlevel 7
We are talking about the Bad Conduit add-on.
 
HTH,
 
TH
Userlevel 1
This sounds remarkably like the same problem I'm having.  Is this Conduit you speak of the Conduit SDK for mobile applications by any chance?
Userlevel 5
It might be Conduit because I've had a similar problem with Conduit, remove the homepage and that might do the job!
Userlevel 7
Hello Charlotte_Sterling and Welcome to the Webroot Community Forums!


 
Yes, that is possible, and so many sites add PUAs to software, but most of the time if it's a Fake Adobe update it would be mostly a true infection. Also Adobe adds Crapware to their installers, and users have to watch when installing and make sure to uncheck any unwanted add-ons.
 
Cheers,
 
TH ;)
Userlevel 7
Hi Charlotte
 
Welcome to the Community Fora...:D
 
Sounds like your husband should heed your advice, as should a good many others...it is sound (apart from the bit about the Mac...;)...but then again, I am a diehard PC head and no fan of the Glowing White Apple).
 
Dispensing that sort of advice please do stick around...you will be most welcome.
 
Regards, Baldrick
My sympathies!! My husband's PC gets his browser constantly hijacked. He stopped using IE and is using FireFox but still gets them. I've helped him go through the Control Panel to delete per FireFox Mozilla's suggestions but they keep coming back. (Luckily for me, I have a MAC and have never had this problem!!)

You're right, it's nothing you sign up for but often there's lots of confusing windows which keep popping up, maybe telling him he needs an update for a legitimate program he has like Adobe Flash Player but if you look at the address it's not an Adobe one.
Userlevel 7
That's what we try to do: have a conversation, and in the end hopefully everyone will be happy. But the point is Conduit, and I have never seen an update from Java or Adobe with Conduit.
 
TH
Userlevel 2
This is great news as far as I am concerned. We are barraged by toolbar bloat and accelerators that eventually corrupt our machines and steal resources. The old Webroot had a toolbar blocker that I always liked, but now even C-Net is bundling crapware with normal downloads, so if you are not vigilant with every click, you load things without knowing it. This is a step in the right direction. Thank you for your input for both sides of the argument.
Userlevel 7
On the flipside, a lot of programs include other downloads as part of the software, so are we supposed to blacklist Java/Flash/Adobe etc? Google search results are a common thing that are shown as "Evidence" of malware. Just because a program is difficult to remove, it doesn't mean it's malware. I spent ages over the weekend trying to remove .net to get it reinstalled again. Does that mean it's malicious because it's tricky to remove? Of course not, but you can see where I am coming from.
 
As I have always said when these topics arrive, I detest toolbars and these "free" programs you see on a lot of well known sites.
Userlevel 7
@ wrote:
Conduit has now been changed to PUA so we are blocking the installers. I still stand by my original point that a large number of these toolbars do require a user to click yes to install. We can't block every single installer of programs that people don't like; if we did that I'd guess that about 95% of software programs would be blocked!
Hi Roy, I believe they should all be blocked as a PUA inside the software; then if the user wants to install they can bypass the block, and then it's out of Webroot's hands as they have been warned. Also if Conduit is on someone's system I hope WSA can remove this unrelenting (Adware, Crapware, Malware) in any case, as I have seen on so many security forums they are treating it as Malware. Just my opinion.
 
Daniel
Userlevel 7
Conduit has now been changed to PUA so we are blocking the installers. I still stand by my original point that a large number of these toolbars do require a user to click yes to install. We can't block every single installer of programs that people don't like; if we did that I'd guess that about 95% of software programs would be blocked!
Userlevel 2
I disagree. As stated earlier, several people I know suddenly have Conduit and don't know how they got it. You have to remember the vast majority of computer users nowadays don't really know what they are doing other than buying things from Amazon, doing Facebook or sending emails. These are the people we need to protect, not the professionals. Once you have Conduit it infects every browser you have installed on your system and then comes back again if you don't Malwarebytes it.
Userlevel 2
I totally agree. I have spent several days on multiple computers, removing Conduit from my office environment because it kills my medical applications, and a couple of nights fixing home users that want to switch to Linux now to save themselves from the constant barrage of malware they are seeing. Even after all the other browser edits and registry hacks we do, I finally have to run MalwareBytes to finally get it to go away. So I don't want to be buying MalwareBytes because Webroot, my antiv of choice, won't help me clean it out.
 
At least give us an option to remove or protect against selected PUAs, because the accidental install of these malicious pests causes hours of work to remove and return my systems to a functioning stage.
Userlevel 4
I was not referring to the toolbar -- that is not a hijacker -- it's a tool bar
 
In my case I got my home page and home page search engine changed to the Conduit homepage with the Conduit Search engine, or searching results are constantly redirected to search.conduit.com, which I described in my original post as a useless scam. There was never a visible install process and I never agreed for it to be downloaded. That's a hijack much worse than some toolbar, because it seizes control of your browser.
 
Here:
 
https://www.google.com/#q=conduit+search+removal
Malwarebytes treats this as a PUP and so should Webroot. Malwarebytes will remove it from registry etc. but you still have to go into each browser to change some settings.
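
As an added example (not part of the original thread, and not Webroot or Malwarebytes code): the per-browser check the last post describes, for Firefox only. It scans the text of a profile's prefs.js for home-page and search preferences that point at conduit.com hosts; the preference list, the name keyword and the sample file are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed watch lists: conduit.com comes from the thread; extend as needed.
SUSPECT_DOMAINS = ("conduit.com",)
SUSPECT_NAMES = ("conduit",)
# Firefox prefs holding URLs vs. search-engine display names.
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url", "keyword.URL"}
NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);', re.M)

def url_is_suspect(value):
    """True if any "|"-separated URL has a host on or under a suspect domain."""
    for part in value.split("|"):
        part = part.strip()
        try:
            host = urlparse(part if "://" in part else "//" + part).hostname
        except ValueError:
            continue
        host = (host or "").lower().rstrip(".")
        # Match on the parsed host only, so a query string that merely
        # mentions the domain, or a lookalike host, is not flagged.
        if any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS):
            return True
    return False

def find_hijacked_prefs(prefs_text):
    """Return (pref, value) pairs in prefs.js text that look hijacked."""
    hits = []
    for name, value in PREF_RE.findall(prefs_text):
        if name in URL_PREFS and url_is_suspect(value):
            hits.append((name, value))
        elif name in NAME_PREFS and any(n in value.lower() for n in SUSPECT_NAMES):
            hits.append((name, value))
    return hits

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage", "http://search.conduit.com/?placeholder=1");
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("keyword.URL", "https://www.google.com/#q=conduit+search+removal");
user_pref("browser.newtab.url", "about:newtab");
user_pref("app.update.lastUpdateTime.example-timer", 1351400000);
'''

if __name__ == "__main__":
    for pref, value in find_hijacked_prefs(SAMPLE_PREFS):
        print(f"suspect: {pref} = {value}")
```

Other browsers keep these settings elsewhere, so this covers only the Firefox part of the cleanup.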
